I've Been Mugged Blog

[Editor's note: today's guest post by reporters at ProPublica explores billing practices within the utility industry. Everyone uses electricity, so these new billing practices can negatively impact all consumers. The post is reprinted with permission.]

By Talia Buford, ProPublica

New Jersey was reeling from the Great Recession, and Gov. Jon S. Corzine had a plan. Infrastructure projects, he decided, would help the state shake off the country’s worst economic downturn in generations. In April 2009, the state utility regulator approved nearly $1 billion in projects to install energy-efficient streetlights and replace aging gas lines, and in the process create thousands of jobs across the state.

Utilities wouldn’t have to worry about the cost. Instead of tapping their annual budgets, they were given the green light to impose a surcharge on the gas and electric bills of every customer in the state.

Up till then, such surcharges had been rare, used, for example, in the 1970s when Arab oil-producing countries placed restrictions on exports to countries such as the United States that supported Israel, driving the price of oil to quadruple. Surcharges were used to provide utilities some relief from the volatile oil price swings. But instead of being a one-off, the surcharge championed by the Corzine administration a decade ago helped usher in a new era in the economics of energy.

Across the nation, local and state governments have turned to utilities to address acute and pervasive infrastructure needs, while utility companies have looked to surcharges as a way to finance those projects — and ensure steady profits. Sometimes, utilities have used revenue from surcharges to pay for things other than infrastructure, many of which customers might expect are already included in their rates: tree trimming (Kansas), smart meters (Colorado) and pension costs (Massachusetts).

In New Jersey, gas and electric bills are packed with add-ons that pay for everything from installing solar panels to putting substations on platforms above flood levels. For residential customers, a single charge, added to bills in increments as tiny as a thousandth of a cent per kilowatt hour, can add $35 to $45 a year to costs; for industrial and commercial customers, the charges can add up to tens of thousands of dollars annually. And it’s all on top of the price that regulators have agreed customers should pay for their electricity service.

The use of surcharges has proliferated over the last decade as the energy landscape has changed substantially. The price of oil and gas has dropped as domestic supplies have increased, and residential energy use has plummeted as appliances and lighting have become more efficient. Still, the national average price of electricity has increased slightly over the last decade, with additional surcharges counteracting any potential savings. That means at the end of the day, many customers have likely noticed little, if any change in their final bills.

That remains true in New Jersey, where residential bills last year averaged about $106.28 per month, according to the federal Energy Information Administration. Garden State residents consume less energy than residents of almost all other states, but they have the 12th highest price per kilowatt hour in the nation, at about 15 cents in 2018. Some critics say surcharges have made energy costs more opaque and made it harder for customers to know enough about what they’re paying for to push back.

“Some of these costs might be for important projects and initiatives,” said Evelyn Liebman, advocacy director for AARP New Jersey. “But the question is: How do you evaluate whether or not the price that you’re asking people to pay is fair and that the benefits outweigh the costs?”

To see how surcharges have affected electricity bills, ProPublica examined the charges assessed over the last decade by PSE&G, the utility arm of New Jersey’s largest energy company, PSEG. For PSE&G, adding surcharges has proved to be easier for financing projects than raising rates on its 2.2 million electric customers. The state Board of Public Utilities, which approves rate increases, has to approve surcharges, too, but the waiting period between when the utility spends the money and when it recovers it from customer bills is shorter.

PSE&G went eight years before seeking its most recent rate increase — a lengthy, rigorous process intended to ensure that utilities are reasonable in their charges and prudent in their spending. By October 2018, when its most recent “rate case” was completed, the number of surcharges on PSE&G customer bills had grown to 14, from five in 2009. (Of those, three charges are included in the “societal benefits” charge paid by every utility customer in the state and were created by legislation.)

This year, PSE&G has added two more surcharges to customer bills, bringing the current total to 16. Most notably, one surcharge, the Zero Emissions Certificate Recovery Charge, raises $300 million to prop up PSE&G’s three nuclear power plants. That charge applies to all New Jersey customers, regardless of who supplies their power.

Nationally, the average price of electricity has slightly increased over the last decade, according to data from the Energy Information Administration. But PSE&G said that over the last decade, its customer bills have decreased even with the surcharges, which have financed investments in solar power, energy efficiency and infrastructure upgrades.

The company said the spending has helped keep electricity service reliable, created jobs and reduced emissions. “Programs have costs,” Scott S. Jennings, a PSEG senior vice president, said in an interview. “We totally recognize that. But customers are paying far less than was paid in the past.”

PSE&G said the median monthly bill for customers who only receive electricity was $102 in 2019, down slightly from 2008 when it was $105. The median bill for customers who receive electricity and gas dropped to $176 per month in 2019 from $249 in 2008. Some of those savings can be attributed to lower fuel costs.

“We see that as a win for customers, the economy and the environment,” PSE&G said in a statement.

No federal entity tracks utility surcharges nationwide, but they have been followed for years by consumer advocates and regulatory groups. The National Regulatory Research Institute, the research arm of the association for utility regulators, has cautioned states to consider the potential impacts of surcharges before approving them, with a 2009 paper recommending that the fees be approved “only in special situations.” A review of the fees conducted for the AARP in 2012 found that at least 30 states add surcharges to customer bills for an array of purposes.

In New Jersey, the BPU energy director, Stacy Peterson, said the infrastructure work financed through surcharges needs to be done. Surcharges allow work to be completed more quickly, she said, and the BPU ensures the surcharge revenue is spent properly.

“We always have the ability to step in,” she said. “We’re not just approving these blindly.”

But some critics say utility regulators have lost sight of their mission when it comes to approving surcharges, particularly for what amount to routine business costs.

Regulators “need to remember that the public interest does not mean serving the utilities,” said David Nickel, state consumer counsel in Kansas. “It means serving the public. And sometimes that means looking at the utility and telling them ‘no.’”

Chances are, you give little thought to how your electricity bill is calculated. Surcharges capitalize on that.

“I don’t half look,” said Michael Denning, a 66-year-old retiree from Kearny, New Jersey, who had come to a PSE&G customer service center in Newark on a recent Friday to pay his bill. “They’re on there, but you can’t do anything.”

Other customers said they had not seen the charges and, when approached by a reporter, spent a few minutes shuffling through their bills to decipher what was what.

Each cycle, electricity bills are broken up into two buckets: supply and delivery. Supply charges cover the cost of producing power at a plant or buying it from another producer. Delivery charges cover the cost of bringing that power over transmission lines and ultimately to your light switch. Surcharges — also known in the industry as “trackers” or “clauses” — are included in the delivery bucket and are usually assessed as a fee per kilowatt hour of electricity used.

For a utility, how it seeks to recover expenses comes down to risk.

If a utility chooses to apply for a rate increase, regulators will weigh not only the costs the utility projects for the coming years but also any expenses the utility has made that were not part of its previous rate case. If regulators don’t think the expenses were necessary, they could reject the proposal, leaving the utility on the hook for those outlays.

Surcharges sidestep that risk. Where rate cases entail a fuller review of a utility’s operations, the analysis of a surcharge focuses on a single program. Before any money is spent, that single program is given the blessing of regulators, along with a means to collect the cost from customers up front.

In New Jersey, PSE&G has made surcharges a critical part of its business strategy. In investor materials from as early as 2009, the company notes that its regulatory strategy is to earn all authorized returns on investments and minimize regulatory lag — the time between when a change in costs for the utility is reflected in the customer’s rates.

PSE&G is allowed to earn a profit on some of its investments, and with each program announced came the promise of immediate payback. In a 2011 investor meeting presentation about future investments, the company touted its growth in the solar and energy efficiency arenas alongside receiving approval for immediate repayment through surcharges.

Fitch Ratings, one of the major credit rating agencies, raised the utility’s credit rating in 2012, increasing it one notch from BBB+ to A-, its current rating, citing New Jersey’s “constructive” regulatory environment. At the time, PSE&G had recently added a weather normalization surcharge to gas bills that helped guarantee cash flow even when customers saw a mild winter and used less energy. The BPU’s willingness to allow utilities to recover costs in a “timely manner” meant there was a predictable cash flow even in uncertain outside conditions, the credit agency said at the time.

In a 2014 presentation to industry executives and investors, the company said that it expected to use surcharges to recover 12% of the $11.3 billion invested in solar and energy efficiency programs and an infrastructure hardening program, dubbed “Energy Strong,” which targeted substations that flooded during Superstorm Sandy in 2012.

During another presentation, PSE&G said consumers ultimately wouldn’t feel the surcharge for solar and energy efficiency programs because it would replace a surcharge that was expiring of an equal amount. The move, the company noted, would “fully offset the impact to customer bills,” which wouldn’t go up. Of course, bills wouldn’t go down, either, despite lower fuel costs.

“We can debate the merits of what we should and shouldn’t do,” said Jennings of PSEG. “And different people will have different perspectives. It comes down to affordability and where you draw the line.”

Critics of the charges, however, say projects billed as protecting infrastructure from climate change or increasing reliability are less about improving service and more about ensuring profits.

“If you’re a utility and demand is flat, and you get a return on capital, how can you make a capital investment if no one is buying more electricity,” said David Dismukes, executive director of the Center for Energy Studies at Louisiana State University, who testified against PSE&G’s Energy Strong program. “You say that we need to build in ‘resiliency,’ that’s how you do it.”

PSEG projected roughly $1.6 billion in earnings for 2019. The company has also paid shareholders increasing dividends every year over the past decade.

In New Jersey, surcharges appear to have found a welcoming regulatory environment, especially as the state seeks to ensure its progressive climate policies don’t alienate businesses. It’s a balancing act the state has struggled to pull off. New Jersey has been on the cutting edge of environmental protection legislation, but such efforts were spurred in part by lax enforcement that allowed industrial pollution to do lasting harm to the state’s waterways.

For the most part, utility surcharges and the projects they finance attract only fleeting attention — an article in which residents called PSE&G’s utility pole mounted solar panels an “eyesore,” or others describing work done to help the utility recover after Superstorm Sandy.

“I don’t even pay attention,” Anthony Boone, a 48-year-old artist, said as he ran errands in Newark. “I just pay it. I guess I should be more in tune, but that’s pretty low on the totem pole.”

Some customers did start to pay attention this year after the utility’s parent company, PSEG, sought to impose the surcharge to subsidize its three aging nuclear plants. Without the subsidy, the company said it would have to close the plants, costing the state hundreds of jobs and a key source of clean energy.

Suddenly, surcharges were big news, as officials, executives and legislators sparred over PSEG’s demands and the $300 million price tag.

State experts said the plants were still relatively efficient and not in danger of closing. But a law enacted in May 2018 to compensate nuclear plants for being a cleaner energy source seemed to tie the hands of the BPU. In April, the board voted to impose the surcharge, even as some of the commissioners expressed misgivings, with one likening PSEG’s threats to extortion. The New Jersey rate counsel, Stefanie Brand, whose office advocates on behalf of customers, recently challenged the subsidy in court. In a brief filed this month, Brand said that if PSEG’s threat was all it took to secure the subsidy, then “the ratepayers of this state truly are being held captive.”

As a part of any surcharge agreement, the utility must come back to regulators at a specified point in the project and provide an accounting showing that the money is being spent as stipulated, the BPU said.

Regulators say they also review surcharges as part of a utility’s next application for a rate increase. But until a change made last year, utilities could go as long as they wanted without seeking a rate increase and undergoing the requisite review. A new rule, established by the BPU in January 2018, requires any utility with an infrastructure-related surcharge to submit to a full rate review within five years of the surcharge’s approval. (PSE&G is scheduled to file its next rate case by the end of 2023.)

“Any expense in a rate case has to be prudent,” said Paul Flanagan, executive director of the BPU. “When they’re spending money on building things, one of the issues is: ‘Is it prudent? Is it gold plated? Are they just spending money to earn money?’”

The agency can step in if it believes a charge is being misused, but it almost never does. The BPU doesn’t track such interventions, but of the roughly 1,500 matters that come before the agency annually, Flanagan said interventions have been “fairly rare.”

At core, utilities and regulators see surcharges differently.

Jennings, the PSEG executive, said surcharges help the company invest wisely, ensuring regulators support a project before any money is spent.

“We want to make sure that the other stakeholders, like BPU staff and ultimately the BPU, rate counsel and other key parties agree that it is worthwhile doing,” he said. “They will, through that process, agree that the type of work and basic program is prudent.”

However, the BPU’s Flanagan said surcharges are only a way to make sure that necessary upgrades are made quickly, and he rejected the idea that they are a tacit way for regulators to weigh in on how a company makes investments.

“The utilities run their companies,” he said. “The board doesn’t run the companies. If the utility feels the need to upgrade the system, they’re capable of doing that.”

Garden State residents pay among the highest prices per kilowatt hour in the nation for their electricity. Brand, the state-appointed advocate for customers, said she is concerned about the proliferation of surcharges.

“That kind of surcharge really should be left for extraordinary circumstances and the run-of-the-mill work the utilities should be doing through rates,” Brand said. “If they’re not making enough money to do the work, they always have the ability to come in for a rate case.”

While energy costs may not drive decisions about where to live, for big businesses, energy costs can be a significant factor in locating — or relocating — a facility.

Major commercial customers, such as chemical plants and large retailers, can buy energy from a third party or generate electricity itself, but the power still has to go through a utility’s distribution and transmission lines, which is where the surcharges are applied. That leaves them with no way to avoid the not-so-small impact of the surcharges.

“We have gotten to the point that more money is probably collected at this point through these mechanisms than through base rates,” said Steve Goldenberg, a lawyer for the New Jersey Large Energy Users Coalition, which represents retailers, manufacturers, food chains and pharmaceutical companies. “And that’s the problem.”

For the Kuehne Company, which uses electricity to manufacture industrial grade bleach at plants in New Jersey, Delaware and Connecticut, surcharges have a significant impact on the company’s bottom line.

“We live and die by energy,” said Bill Paulin, the company’s co-president, noting that electricity makes up 40% of the company’s production costs.

“Our energy costs are in the millions,” he said. “We spend more on electricity than we do on medical insurance for our employees.”

The company, which employs 150 people across its three locations, has been in New Jersey since 1919, and it recently built a new manufacturing facility in Kearny, on the industrial peninsula between Newark and Jersey City. Paulin said the company made the decision to stay because of New Jersey’s access to the Northeast markets, and because of the employees who live in the state.

“We decided to take a chance and do what we needed to do to stay,” Paulin said. Still, the new facility, which was built on the site of the company’s older plant, can be dismantled and moved if costs — such as utility bills — continue to rise, he said.

“It wouldn’t be easy or cheap, but we can do it if things get out of whack.”

For now, the bills are holding steady, and not by accident.

A surcharge, imposed five years ago to cover improvements to the utility’s resilience after Hurricane Irene and Superstorm Sandy, was expiring. The program, which collected on average about $4 a month from residential customers and substantially more from commercial customers, would soon be history.

But PSE&G had already asked to impose a new surcharge, which would raise $1.5 billion to elevate or close old substations in flood zones. It would be part of Energy Strong II — an extension of the Sandy recovery program.

During discussions with the BPU and rate counsel this summer, PSE&G scaled back its proposal, and in September, the BPU approved the next phase of the program. The cost to residential customers will be about $3 each month — almost the same amount as the expiring surcharge for the previous round of the recovery program.

For more coverage, read ProPublica’s previous reporting on the environment.

ProPublica is a Pulitzer Prize-winning investigative newsroom. Sign up for The Big Story newsletter to receive stories like this one in your inbox.

The American Automobile Association (AAA) reported new research results from tests of automatic emergency braking with pedestrian detection systems in automobiles. The AAA found that these systems work inconsistently and failed when most needed: at night. Chief findings from the report:

"... automatic emergency braking systems with pedestrian detection perform inconsistently, and proved to be completely ineffective at night. An alarming result, considering 75% of pedestrian fatalities occur after dark. The systems were also challenged by real-world situations, like a vehicle turning right into the path of an adult. AAA’s testing found that in this simulated scenario, the systems did not react at all, colliding with the adult pedestrian target every time..."

The testing was performed jointly with the Automotive Club of Southern California’s Automotive Research Center in Los Angeles, California. Track testing was conducted on closed surface streets on the grounds of the Auto Club Speedway in Fontana, California. Four test vehicles were used: 2019 Chevy Malibu, 2019 Honda Accord, 2019 Tesla Model 3 and 2019 Toyota Camry. The testing included four scenarios:

1. "An adult crossing in front of a vehicle traveling at 20 mph and 30 mph during the day and at 25 mph at night;
2. A child darting out from between two parked cars in front of a vehicle traveling at 20 mph and 30 mph;
3. A vehicle turning right onto an adjacent road with an adult crossing at the same time; and
4. Two adults standing along the side of the road with their backs to traffic, with a vehicle approaching at 20 mph and 30 mph."

For scenario #1: a vehicle moving at 20 mph a collision resulted 60% of the time (= the systems avoided a collision 40 percent of the time). For scenario #2: a collision occurred 89% of the time for vehicles moving at 20 mph For scenario #3, collisions resulted 100 percent of the time. For scenario #4, a collision resulted 80 percent of the time for vehicles moving at 20 mph. Additional test results:

"... the systems were ineffective in all scenarios where the vehicle was traveling at 30 mph. At night, none of the systems detected or reacted to the adult pedestrian."

The October 2019 "Automatic Emergency Braking With Pedestrian Detection" AAA report is available here (Adobe PDF).

MediaPost reported:

"The first drone home deliveries of packages from Walgreens have started from Wing, the Alphabet subsidiary. Wing recently received an expanded Air Carrier Certificate from the Federal Aviation Administration allowing the first commercial air delivery service by drone directly to homes in the U.S. The FAA permissions are the first allowing multiple pilots to oversee multiple unmanned aircraft making commercial deliveries to the general public simultaneously. Collaborating with Federal Express and Virginia retailer Sugar Magnolia, Wing began delivering over-the-counter medication, gifts and snacks to residents of Christiansburg, Virginia. FedEx completed the first scheduled ecommerce drone delivery on Friday [October 18th]..."

Last month, Selligent Marketing Cloud announced the results of a global survey about how consumers view various brands. Some of the findings included smart speakers or voice assistants. Key findings:

"Sixty-nine percent of surveyed consumers find it “creepy” when they receive ads based on unprompted cues from voice assistants like Apple’s Siri, Amazon’s Alexa and Google Home. Fifty-one percent are worried that voice assistants are listening to conversations without their consent."

Regarding voice assistants, younger consumers are likely to believe they are being listened to without their knowledge. 58 percent of Gen-Z (ages 18-24) versus 36 percent for Baby Boomers (ages 55-75) held this view. Key findings about privacy and social media: 41 percent of respondents said they have reduced their use of social media due to privacy concerns, and 32 percent said they quit at least one social media platform within the last 12 months.

Selligent surveyed 5,000 consumers in North America and Western Europe. The company provides services to help B2C marketers. To learn more, see the Selligent "Global Connected Consumer Index."

The U.S. Federal Trade Commission (FTC) announced on Tuesday the distribution of about $31 million worth of refunds to certain customers of Lifelock, an identity protection service. The refunds are part of a previously announced settlement agreement to resolve allegations that the identity-theft service violated a 2010 consent order.

Lifelock has featured notable spokespersons, including radio talk-show host Rush Limbaugh, television personality Montel Williams, actress Angie Harmon, and former New York City Mayor Rudy Giuliani, who is now the personal attorney for President Trump.

The FTC announcement explained:

"The refunds stem from a 2015 settlement LifeLock reached with the Commission, which alleged that from 2012 to 2014 LifeLock violated an FTC order that required the company to secure consumers’ personal information and prohibited it from deceptive advertising. The FTC alleged, among other things, that LifeLock failed to establish and maintain a comprehensive information security program to protect users’ sensitive personal information, falsely advertised that it protected consumers’ sensitive data with the same high-level safeguards used by financial institutions, and falsely claimed it provided 24/7/365 alerts “as soon as” it received any indication a consumer’s identity was being used."

The 2015 settlement agreement with the FTC required LifeLock agreed to pay $100 million to affected customers. About $68 million has been paid to customers who were part of a class action lawsuit. The FTC is using the remaining money to provide refunds to consumers who were LifeLock members between 2012 and 2014, but did not receive a payment from the class action settlement.

The FTC expects to mail about one million refund checks worth about $29 each.

If you are a Lifelock customer and find this checkered history bothersome, Consumer Reports has some recommendations about what you can do instead. It might save you some money, too.

A report by the International Data Corporation (IDC) has forecasted worldwide shipments of devices for smart homes to grown 23.5% in 2019 over 2018 to nearly 815 million. The report also forecasted a 14.4 percent annual compound growth rate to about 1.39 billion shipments in 2023.

According to the announcement about the report:

"Video entertainment devices are expected to maintain the largest volume of shipments, accounting for 29.9% of all shipments in 2023... Home monitoring/security devices like smart cameras and smart locks will account for 22.1% of the shipments in 2023... Growth in smart speakers and displays is expected to slow to single digits in the next few years... as the installed base of these devices approaches saturation and consumers look to other form factors to access smart assistants in the home, such as thermostats, appliances, and TVs to name a few."

The report, titled "Worldwide Quarterly Smart Home Device Tracker," includes familiar products such as Amazon Echo, Google Home, Philips Hue bulbs, smart speakers, smart thermostats, and connected doorbells. The report covers Asia/Pacific, Canada, Central and Eastern Europe, China, Japan, Latin America, the Middle East and Africa, the United States, and Western Europe.

Surveys in 2018 found that most consumers are satisfied with in-home voice-controlled assistants, and performance issues hinder trust and device adoption. A survey in 2017 found that 90 percent of consumers want security built into smart-home devices. Also in 2017, researchers warned that a hacked Amazon Echo could be turned into always-on surveillance devices.

And, consumers should use these privacy tips for smart speakers in their homes.

Today's smart homes contain a variety of internet-connected appliances -- televisions, utility meters, hot water heaters, thermostats, refrigerators, security systems, solar panels -- and internet-connected devices you might not expect:  mouse traps, water bowls and feeders for your pets, wine bottles, crock pots, toy dolls, trash/recycle bins, vibrators, orgasm trackers, and adult sex toys. It is a connected world, indeed.

For drivers concerned about the environment and pollution, the automobile industry has offered hybrids (which run on gasoline, and electric battery power) and completely electric vehicles (solely on electric battery power). The same technology trend is underway within the cruise industry.

On September 26, the Port of Vancouver welcomed the MS Roald Amundsen. Some call this cruise ship the "Tesla of the cruise industry." The International Business Times explained:

"MS Roald Amundsen can be called Tesla of the cruise industry as it is similar to the electrically powered Tesla car that set off a revolution in the auto sector by running on batteries... The state of the art ship was unveiled earlier this year by Scandinavian cruise operator Hurtigruten. The cruise ship is one of the most sustainable cruise vessels with the distinction of being one of the two hybrid-electric cruise ships in the world. MS Roald Amundsen utilizes hybrid technology to save fuel and reduce carbon dioxide emissions by 20 percent."

With 15 cruise ships, Hurtigruten offers sailings to Norway, Iceland, Alaska, Arctic, Antarctica, Europe, South America, and more. Named after the first man to cross Antarctica and reach the South Pole, the MS Roald Amundsen carries about 530 passengers.

While some cruise ships already use onboard solar panels to reduce fuel consumption, this is the first hybrid-electric cruise ship. It is an important step forward to prove that large ships can be powered in this manner.

Several ships in Royal Caribbean Cruise Line's fleet, including the Oasis of the Seas, have been outfitted with solar panels. The image on the right provides a view of  the solar panels on the Celebrity Solstice cruise ship, while it was docked in Auckland, New Zealand in March, 2019. The panels are small and let sunlight through.

The Vancouver Is Awesome site explained why the city gave the MS Roald Amundsen special attention:

"... the Vancouver Fraser Port Authority, the federal agency responsible for the stewardship of the port, has set its vision to be the world’s most sustainable port. As a part of this vision, the port authority works to ensure the highest level of environmental protection is met in and around the Port of Vancouver. This commitment resulted in the port authority being the first in Canada and third in the world to offer shore power, an emissions-reducing initiative, for cruise ships. That said, a shared commitment to sustainability isn’t the only thing Hurtigruten has in common with our awesome city... The hybrid-electric battery used in the MS Roald Amundsen was created by Vancouver company, Corvus Energy."

Reportedly, the MS Roald Amundsen can operate for brief periods of time only on battery power, resulting in zero fuel usage and zero emissions. The Port of Vancouver's website explains its Approach to Sustainability policy:

"We are on a journey to meet our vision to become the world’s most sustainable port. In 2010 we embarked on a two-year scenario planning process with stakeholders called Port 2050, to improve our understanding of what the region may look like in the future... We believe a sustainable port delivers economic prosperity through trade, maintains a healthy environment, and enables thriving communities, through meaningful dialogue, shared aspirations and collective accountability. Our definition of sustainability includes 10 areas of focus and 22 statements of success..."

I encourage everyone to read the Port of Vancouver's 22 statements of success for a healthy environment and sustainable port. Selected statements from that list:

"Healthy ecosystems:
8) Takes a holistic approach to protecting and improving air, land and water quality to promote biodiversity and human health
9) Champions coordinated management programs to protect habitats and species. Climate action
10) Is a leader among ports in energy conservation and alternative energy to minimize greenhouse gas emissions..."

"Responsible practices:
12) Improves the environmental, social and economic performance of infrastructure through design, construction and operational practices
13) Supports responsible practices throughout the global supply chain..."

"Aboriginal relationships:
18) Respects First Nations’ traditional territories and value traditional knowledge
19) Embraces and celebrates Aboriginal culture and history
20) Understands and considers contemporary interests and aspirations..."

In separate but related news, government officials in the French Riviera city of Cannes are considering a ban of cruise ships to curb pollution. The Travel Pulse site reported:

"The ban would apply to passenger vessels that do not meet a 0.1 percent sulfur cap in their fuel emissions. Any cruise ship that attempted to enter the port that did not meet the higher standards would be turned away without allowing passengers to disembark."

During 2018, about 370,000 cruise ship passengers visited Cannes, making it the fourth busiest port in France. Officials are concerned about pollution. Other European ports are considering similar bans:

"Another French city, Saint-Raphael, has also instituted similar rules to curb the pollution of the water and air around the city. Other European ports such as Santorini and Venice have also cited cruise ships as a significant cause of over-tourism across the region."

If you live and/or work in a port city, it seems worthwhile to ask your local government or port authority what it is doing about sustainability and pollution. The video below explains some of the features in this new "expedition ship" with itineraries and activities that focus upon science:

Video courtesy of Hurtigruten

[Editor's note: this post was updated to include a photo of solar panels on the Celebrity Solstice cruise ship.]

Last week, several of the largest corporations petitioned the United States government for federal legislation in two key topics: consumer privacy and gun reform.

First, the Chief Executive Officers (CEOs) at 51 corporations sent a jointly signed letter to leaders in Congress asking for a federal privacy law to supersede laws emerging in several states. ZD Net reported:

"The open-letter was sent on behalf of Business Roundtable, an association made up of the CEOs of America's largest companies... CEOs blamed a patchwork of differing privacy regulations that are currently being passed in multiple US states, and by several US agencies, as one of the reasons why consumer privacy is a mess in the US. This patchwork of privacy regulations is creating problems for their companies, which have to comply with an ever-increasing number of laws across different states and jurisdictions. Instead, the 51 CEOs would like one law that governs all user privacy and data protection across the US, which would simplify product design, compliance, and data management."

The letter was sent to U.S. Senate Majority Leader Mitch McConnell, U.S. Senate Minority Leader Charles E. Schumer, Senator Roger F. Wicker (Chairman of the Committee on Commerce, Science and Transportation), Nancy Pelosi (Speaker of the U.S. House of Representatives), Kevin McCarthy (Minority Leader of the U.S. House of Representatives), Frank Pallone, Jr. (Chairman of the Committee on Energy and Commerce in the U.S. House of Representatives), and other ranking politicians.

The letter stated, in part:

"Consumers should not and cannot be expected to understand rules that may change depending upon the state in which they reside, the state in which they are accessing the internet, and the state in which the company’s operation is providing those resources or services. Now is the time for Congress to act and ensure that consumers are not faced with confusion about their rights and protections based on a patchwork of inconsistent state laws. Further, as the regulatory landscape becomes increasingly fragmented and more complex, U.S. innovation and global competitiveness in the digital economy are threatened. "

That sounds fair and noble enough. After writing this blog for more than 12 years, I have learned that details matters. Who writes the proposed legislation and the details in that legislation matter. It is too early to tell if the proposed legislation is weaker or stronger than what some states have implemented.

Some of the notable companies which signed the joint letter included AT&T, Amazon, Comcast, Dell Technologies, FedEx, IBM, Qualcomm, Salesforce, SAP, Target, and Walmart. Signers from the financial services sector included American Express, Bank of America, Citigroup, JPMorgan Chase, MasterCard, State Farm Insurance, USAA, and Visa. Several notable companies did not sign the letter: Facebook, Google, Microsoft, and Verizon.

Second, The New York Times reported that executives from 145 companies sent a joint letter to members of the U.S. Senate demanding that they take action on gun violence. The letter stated, in part (emphasis added):

"... we are writing to you because we have a responsibility and obligation to stand up for the safety of our employees ,customers, and all Americans in the communities we serve across the country. Doing nothing about America's gun violence crisis is simply unacceptable and it is time to stand with the American public on gun safety. Gun violence in America is not inevitable; it's preventable. There are steps Congress can, and must take to prevent and reduce gun violence. We need our lawmakers to support common sense gun laws... we urge the Senate to stand with the American public and take action on gun safety by passing a bill to require background checks on all gun sales and a strong Red Flag law that would allow courts to issue life-saving extreme risk protection orders..."

Some of the notable companies which signed the letter included Airbnb, Bain Capital, Bloomberg LP, Conde Nast, DICK'S Sporting Goods, Gap Inc., Levi Strauss & Company, Lyft, Pinterest, Publicis Groupe, Reddit, Royal Caribbean Cruises Ltd., Twitter, Uber, and Yelp.

Earlier this year, the U.S. House of Representatives passed legislation to address gun violence. So far, the U.S. Senate has done nothing. Representative Kathy Castor (14th District in Florida), explained the actions the House took in 2019:

"The Bipartisan Background Checks Act that I championed is a commonsense step to address gun violence and establish measures that protect our community and families. America is suffering from a long-term epidemic of gun violence – each year, 120,000 Americans are injured and 35,000 die by firearms. This bill ensures that all gun sales or transfers are subject to a background check, stopping senseless violence by individuals to themselves and others... Additionally, the Democratic House passed H.R. 1112 – the Enhanced Background Checks Act of 2019 – which addresses the Charleston Loophole that currently allows gun dealers to sell a firearm to dangerous individuals if the FBI background check has not been completed within three business days. H.R. 1112 makes the commonsense and important change to extend the review period to 10 business days..."

Findings from a February, 2018 Quinnipiac national poll:

"American voters support stricter gun laws 66 - 31 percent, the highest level of support ever measured by the independent Quinnipiac University National Poll, with 50 - 44 percent support among gun owners and 62 - 35 percent support from white voters with no college degree and 58 - 38 percent support among white men... Support for universal background checks is itself almost universal, 97 - 2 percent, including 97 - 3 percent among gun owners. Support for gun control on other questions is at its highest level since the Quinnipiac University Poll began focusing on this issue in the wake of the Sandy Hook massacre: i) 67 - 29 percent for a nationwide ban on the sale of assault weapons; ii) 83 - 14 percent for a mandatory waiting period for all gun purchases. It is too easy to buy a gun in the U.S. today..."

Most people want to get the most from their smartphones. That includes using their devices wisely and with privacy. Mashable recommended seven privacy settings for Apple iPhone users. I found the recommendations very helpful, and thought that you would, too.

Three privacy settings stood out. First, many mobile apps have:

"... access to your camera. For some of these, the reasoning is a no-brainer. You want to be able to use Snapchat filters? Fine, the app needs access to your camera. That makes sense. Other apps' reasoning for having access to your camera might be less clear. Once again, head to Settings > Privacy > Camera and review what apps you've granted camera access. See anything in there that doesn't make sense? Go ahead and disable it."

A feature most consumers probably haven't considered:

"... which apps on your phone have requested microphone access. For example, do you want Drivetime to have access to your mic? No? Because if you've downloaded it, then it might. If an app doesn't have a clear reason for needing access to your microphone, don't give it that access."

And, perhaps most importantly:

"Did you forget about your voicemail? Hackers didn't. At the 2018 DEF CON, researchers demonstrated the ability to brute force voicemail accounts and use that access to reset victims' Google and PayPal accounts... Set a random 9-digit voicemail password. Go to Settings > Phone and scroll down to "Change Voicemail Password." You iPhone should let you choose a 9-digit code..."

The full list is a reminder for consumers not to assume that the default settings on mobile apps you install are right for your privacy needs. Wise consumers check and make adjustments.

Many consumers love the hands-free convenience of smart speakers in their homes. The appeal includes several applications: stream music, plan travel, manage your grocery list, get briefed on news headlines, buy movie tickets, hear jokes, get sports scores, and more. Like any other internet-connected device, it's wise to know and use the device's security settings if you value your, your children's, and your guests' privacy.

In the August issue of its print magazine, Consumer Reports (CR) advises the following settings for your smart speakers:

"Protect Your Privacy
If keeping a speaker with a microphone in your home makes you uneasy, you have reason to be. Amazon, Apple, and Google all collect recorded snippets of consumers' commands to improve their voice-computing technology. But they also offer ways to mute the mic when it's not in use. The Amazon Echo has an On/Off button on top of the device. The Google Home's mute button is on the back. And Apple's HomePod requires a voice command: "Hey, Siri, stop listening." (You then use a button to turn the device back on.) For a third-party speaker, consult the owner's manual for instructions."

To learn more, the CR site offers several resources:

• How To Set Up A Smart Speaker For Privacy
• Smart Speakers Buying Guide
• Best Smart Speakers Of 2019

News reports last week described in detail the operating issues that affect the integrity and reliability of products sold on the Amazon site. The Verge reported that some sellers:

"... hop onto fast-selling listings with counterfeit goods, or frame their competitors with fake reviews. One common tactic is to find a once popular, but now abandoned product and hijack its listing, using the page’s old reviews to make whatever you’re selling appear trustworthy. Amazon’s marketplace is so chaotic that not even Amazon itself is safe from getting hijacked. In addition to being a retail platform, Amazon sells its own house-brand goods under names like AmazonBasics, Rivet furniture, Happy Belly food, and hundreds of other labels."

The hijacked product pages include photos, descriptions, reviews, and/or comments from other products -- a confusing mix of content. You probably assumed that it isn't possible for this to happen, but it does. The Verge report explained:

"There are now more than 2 million sellers on the platform, and Amazon has struggled to maintain order. A recent Wall Street Journal investigation found thousands of items for sale on the site that were deceptively labeled or declared unsafe by federal regulators... A former Amazon employee who now works as a consultant for Amazon sellers, she’s worked with clients who have undergone similar hijackings. She says these listings were likely seized by a seller who contacted Amazon’s Seller Support team and asked them to push through a file containing the changes. The team is based mostly overseas, experiences high turnover, and is expected to work quickly, Greer says, and if you find the right person they won’t check what changes the file contains."

This directly affects online shoppers. The article also included this tip for shoppers:

"... the easiest way to detect a hijacking is to check that the reviews refer to the product being sold..."

What a mess! The burden should not fall upon shoppers. Amazon needs to clean up its mess -- quickly. What are your opinions.

The announcement by Google last week included some dubious claims, which received a fair amount of attention among privacy experts. First, a Senior Product Manager of User Privacy and Trust wrote in a post:

"Ads play a major role in sustaining the free and open web. They underwrite the great content and services that people enjoy... But the ad-supported web is at risk if digital advertising practices don’t evolve to reflect people’s changing expectations around how data is collected and used. The mission is clear: we need to ensure that people all around the world can continue to access ad supported content on the web while also feeling confident that their privacy is protected. As we shared in May, we believe the path to making this happen is also clear: increase transparency into how digital advertising works, offer users additional controls, and ensure that people’s choices about the use of their data are respected."

Okay, that is a fair assessment of today's internet. And, more transparency is good. Google executives are entitled to their opinions. The post also stated:

"The web ecosystem is complex... We’ve seen that approaches that don’t account for the whole ecosystem—or that aren’t supported by the whole ecosystem—will not succeed. For example, efforts by individual browsers to block cookies used for ads personalization without suitable, broadly accepted alternatives have fallen down on two accounts. First, blocking cookies materially reduces publisher revenue... Second, broad cookie restrictions have led some industry participants to use workarounds like fingerprinting, an opaque tracking technique that bypasses user choice and doesn’t allow reasonable transparency or control. Adoption of such workarounds represents a step back for user privacy, not a step forward."

So, Google claims that blocking cookies is bad for privacy. With a statement like that, the "User Privacy and Trust" title seems like an oxymoron. Maybe, that's the best one can expect from a company that gets 87 percent of its revenues from advertising.

Also on August 22nd, the Director of Chrome Engineering repeated this claim and proposed new internet privacy standards (bold emphasis added):

... we are announcing a new initiative to develop a set of open standards to fundamentally enhance privacy on the web. We’re calling this a Privacy Sandbox. Technology that publishers and advertisers use to make advertising even more relevant to people is now being used far beyond its original design intent... some other browsers have attempted to address this problem, but without an agreed upon set of standards, attempts to improve user privacy are having unintended consequences. First, large scale blocking of cookies undermine people’s privacy by encouraging opaque techniques such as fingerprinting. With fingerprinting, developers have found ways to use tiny bits of information that vary between users, such as what device they have or what fonts they have installed to generate a unique identifier which can then be used to match a user across websites. Unlike cookies, users cannot clear their fingerprint, and therefore cannot control how their information is collected... Second, blocking cookies without another way to deliver relevant ads significantly reduces publishers’ primary means of funding, which jeopardizes the future of the vibrant web..."

Yes, fingerprinting is a nasty, privacy-busting technology. No argument with that. But, blocking cookies is bad for privacy? Really? Come on, let's be honest.

This dubious claim ignores corporate responsibility... that some advertisers and website operators made choices -- conscious decisions to use more invasive technologies like fingerprinting to do an end-run around users' needs, desires, and actions to regain online privacy. Sites and advertisers made those invasive-tech choices when other options were available, such as using subscription services to pay for their content.

Plus, Google's claim also ignores the push by corporate internet service providers (ISPs) which resulted in the repeal of online privacy protections for consumers thanks to a compliant, GOP-led Federal Communications Commission (FCC), which seems happy to tilt the playing field further towards corporations and against consumers. So, users are simply trying to regain online privacy.

During the past few years, both privacy-friendly web browsers (e.g., Brave, Firefox) and search engines (e.g., DuckDuckGo) have emerged to meet consumers' online privacy needs. (Well, it's not only consumers that need online privacy. Attorneys and businesses need it, too, to protect their intellectual property and proprietary business methods.) Online users demanded choice, something advertisers need to remember and value.

Privacy experts weighed in about Google's blocking-cookies-is-bad-for-privacy claim. Jonathan Mayer and Arvind Narayanan explained:

That’s the new disingenuous argument from Google, trying to justify why Chrome is so far behind Safari and Firefox in offering privacy protections. As researchers who have spent over a decade studying web tracking and online advertising, we want to set the record straight. Our high-level points are: 1) Cookie blocking does not undermine web privacy. Google’s claim to the contrary is privacy gaslighting; 2) There is little trustworthy evidence on the comparative value of tracking-based advertising; 3) Google has not devised an innovative way to balance privacy and advertising; it is latching onto prior approaches that it previously disclaimed as impractical; and 4) Google is attempting a punt to the web standardization process, which will at best result in years of delay."

The researchers debunked Google's claim with more details:

"Google is trying to thread a needle here, implying that some level of tracking is consistent with both the original design intent for web technology and user privacy expectations. Neither is true. If the benchmark is original design intent, let’s be clear: cookies were not supposed to enable third-party tracking, and browsers were supposed to block third-party cookies. We know this because the authors of the original cookie technical specification said so (RFC 2109, Section 4.3.5). Similarly, if the benchmark is user privacy expectations, let’s be clear: study after study has demonstrated that users don’t understand and don’t want the pervasive web tracking that occurs today."

Moreover:

"... there are several things wrong with Google’s argument. First, while fingerprinting is indeed a privacy invasion, that’s an argument for taking additional steps to protect users from it, rather than throwing up our hands in the air. Indeed, Apple and Mozilla have already taken steps to mitigate fingerprinting, and they are continuing to develop anti-fingerprinting protections. Second, protecting consumer privacy is not like protecting security—just because a clever circumvention is technically possible does not mean it will be widely deployed. Firms face immense reputational and legal pressures against circumventing cookie blocking. Google’s own privacy fumble in 2012 offers a perfect illustration of our point: Google implemented a workaround for Safari’s cookie blocking; it was spotted (in part by one of us), and it had to settle enforcement actions with the Federal Trade Commission and state attorneys general."

Gaslighting, indeed. Online privacy is important. So, too, are consumers' choices and desires. Thanks to Mr. Mayer and Mr. Narayanan for the comprehensive response.

What are your opinions of cookie blocking? Of Google's claims?

Nobody wants to pay too much for a product. If you like online shopping, you may have been charged higher prices than your neighbors. Gizmodo reported:

"... researchers have documented and studied the use of so-called "surveillance scoring," the shadowy, but widely adopted practice of using computer algorithms that, in commerce, result in customers automatically paying different prices for the same product. The term also encompasses tactics used by employers and landlords to deny applicants jobs and housing, respectively, based on suggestions an algorithm spits out. Now experts allege that much of this surveillance scoring behavior is illegal, and they’re are asking the Federal Trade Commission (FTC) to investigate."

"In a 38-page petition filed last week, the Consumer Education Foundation (CEF), a California nonprofit with close ties to the group Consumer Watchdog, asked the FTC to explore whether the use of surveillance scores constitute “unfair or deceptive practices” under the Federal Trade Commission Act..."

The petition is part of a "Represent Consumers" (RC) program.

Many travelers have experienced dynamic pricing, where airlines vary fares based upon market conditions: when demand increases, prices go up; when demand decreases, prices go down. Similarly, when there are many unsold seats (e.g., plenty of excess supply), prices go down. But that dynamic pricing does not vary for each traveler.

Pricing by each person raises concerns of price discrimination. The legal definition of price discrimination in the United States:

"A seller charging competing buyers different prices for the same "commodity" or discriminating in the provision of "allowances" — compensation for advertising and other services — may be violating the Robinson-Patman Act... Price discriminations are generally lawful, particularly if they reflect the different costs of dealing with different buyers or are the result of a seller's attempts to meet a competitor's offering... There are two legal defenses to these types of alleged Robinson-Patman violations: (1) the price difference is justified by different costs in manufacture, sale, or delivery (e.g., volume discounts), or (2) the price concession was given in good faith to meet a competitor's price."

Airlines have wanted to extend dynamic pricing to each person, and "surveillance scores" seem perfectly suited for the task. The RC petition is packed with information which is instructive for consumers to learn about the extent of the business practices. First, the petition described the industry involved:

"Surveillance scoring starts with "analytics companies," the true number of which is unknown... these firms amass thousands or even tens of thousands of demographic and lifestyle data points about consumers, with the help of an estimated 121 data brokers and aggregators... The analytics firms use algorithms to categorize, grade, or assign a numerical value to a consumer based on the consumer’s estimated predicted behavior. That score then dictates how a company will treat a consumer. Consumers deemed to be less valuable are treated poorly, while consumers with better “grades” get preferential treatment..."

Second, the RC petition cited a study which identified 44 different types of proprietary surveillance scores used by industry participants to predict consumer behavior. Some of the score types (emphasis added):

"The Medication Adherence Score, which predicts whether a consumer is likely to follow a medication regimen; The Health Risk Score, which predicts how much a specific patient will cost an insurance company; The Consumer Profitability Score, which predicts which households may be profitable for a company and hence desirable customers; The Job Security Score, which predicts a person’s future income and ability to pay for things; The Churn Score, which predicts whether a consumer is likely to move her business to another company; The Discretionary Spending Index, which scores how much extra cash a particular consumer might be able to spend on non-necessities; The Invitation to Apply Score, which predicts how likely a consumer is to respond to a sales offer; The Charitable Donor Score, which predicts how likely a household is to make significant charitable donations; and The Pregnancy Predictor Score, which predicts the likelihood of someone getting pregnant."

It is important to note that the RC petition does not call for a halt in the collection of personal data about consumers. Rather, it asks the FTC, "to investigate and prohibit the targeting of consumers’ private data against them after it has been collected." Clarity is needed about what is, and is not, legal when consumers' personal data is used against them.

Third, the RC petition also cited published studies about pricing discrimination:

"An early seminal study of price discrimination published by researchers at Northeastern University in 2014 (Northeastern Price Discrimination Study) examined the pricing practices of e-commerce websites. The researchers developed a software-based methodology for measuring price discrimination and tested it with 300 real-world users who shopped on 16 popular e-commerce websites.³⁷ Of ten different general retailers tested in 2014, only one –- Home Depot –- was confirmed to be engaging in price discrimination. Home Depot quoted prices to mobile-device users that were approximately $100 more than those quoted to desktop users.³⁹ The researchers were unable to ascertain why... The Northeastern Price Discrimination Study also found that “human shoppers got worse bargains on a number of websites,”compared to an automated shopping browser that did not have any personal data trail associated with it,⁴² validating that Home Depot was considering shoppers’ personal data when setting prices online."

So, concerns about price discrimination aren't simply theory. Related to that, the RC petition cited its own research:

"... researchers at Northeastern University developed an online tool to “expose how websites personalize prices.” The Price Discrimination Tool (PDT) is a plug-in extension used on the Google Chrome browser that allows any Internet user to perform searches on five websites to see if the user is being charged a different price based on whatever information the companies have about that particular user. The PDT uses a remote computer server that is anonymous –- it has no personal data profile... The PDT then displays the price results from the human shopper’s search and those obtained by the remote anonymous computer server. Our own testing using the PDT revealed that Home Depot continues to offer different prices to human shoppers. For example, a search on Home Depot’s website for “white paint” reveals price discrimination. Of the 24 search results on the first page, Home Depot quoted us higher prices for six tubs of white paint than it quoted the anonymous computer... Our testing also revealed similar price discrimination on Home Depot’s website for light bulbs, toilet paper, toilet paper holders, caulk guns, halogen floor lamps and screw drivers... We also detected price discrimination on Walmart’s website using the PDT. Our testing revealed price discrimination on Walmart’s website for items such as paper towels, highlighters, pens, paint and toilet paper roll holders."

The RC petition listed examples: the Home Depot site quoted $59.87 for a five-gallon bucket of paint to the anonymous user, and $62.96 for the same product to a researcher. Another example: the site quoted $10.26 for a toilet-paper holder to the anonymous user, and $20.89 for the same product to a researcher -- double the price. Prices differences per person ranged from small to huge.

Besides concerns about price discrimination, the RC petition discussed "discriminatory customer service," and the data analytics firms allegedly involved:

"Zeta Global sells customer value scores that will determine, among other things, the quality of customer service a consumer receives from one of Zeta’s corporate clients. Zeta Global “has a database of more than 700 million people, with an average of over 2,500 pieces of data per person,” from which it creates the scores. The scores are based on data “such as the number of times a customer has dialed a call center and whether that person has browsed a competitor’s website or searched certain keywords in the past few days.” Based on that score, Zeta will recommend to its clients, which include wireless carriers, whether to respond to one customer more quickly than to others.

"Kustomer Inc.: Customer-service platform Kustomer Inc. uses customer value scores to enable retailers and other businesses to treat customer service inquiries differently..."

"Opera Solutions: describes itself as a “a global provider of advanced analytics software solutions that address the persistent problem of scaling Big Data analytics.” Opera Solutions generates customer value scores for its clients (including airlines, retailers and banks)..."

The petition cited examples of "discriminatory customer service," which include denied product returns, or customers shunted to less helpful customer service options. Plus, there are accuracy concerns:

"Considering that credit scores – the existence of which has been public since 1970 – are routinely based on credit reports found to contain errors that harm consumers’ financial standing,³¹ it is highly likely that Secret Surveillance Scores are based on inaccurate or outdated information. Since the score and the erroneous data upon which it relies are secret, there is no way to correct an error,³² assuming the consumer was aware of it."

Regular readers of this blog are already aware of errors in reports from credit reporting agencies. A copy of the RC petition is also available here (Adobe PDF, 3.2 Mbytes).

What immediately becomes clear while reading the petition is that massive amount of personal data collected about consumers to create several proprietary scores. Consumers have no way of knowing nor challenging the accuracy of the scores when they are used against them. So, not only has an industry risen which profits by acquiring and then selling, trading, analyzing, and/or using consumers' data; there is little to no accountability.

In other words, the playing field is heavily tilted for corporations and against consumers.

This is also a reminder why telecommunications companies fought hard for the repeal of broadband privacy and repeal of net neutrality, both of which the U.S. Federal Communications Commission (FCC) provided in 2017 under the leadership of FCC Chairman Ajit Pai, a Trump appointee. Repeal of the former consumer protection allows unrestricted collection of consumers' data, plus new revenue streams to sell the data collected to analytics firms, data brokers, and business partners.

Repeal of the second consumer protection allows internet and cable providers to price content using whatever criteria they choose. You see a rudimentary version of this pricing in a business practice called "zero rating." An example: streaming a movie via a provider's internet service counts against a data cap while the same movie viewed through the same provider's cable subscription does not. Yet, the exact same movie is delivered through the exact same cable (or fiber) internet connection.

Smart readers immediately realize that a possible next step includes zero ratings per-person. Streaming a movie might count against your data cap but not for your neighbor. Who would know? Oversight and consumer protections are needed.

What are your opinions of secret surveillance scores?

The U.S. Securities And Exchange Commission (SEC) announced on June 20th a settlement agreement to resolve charges that Walmart violated:

"... the Foreign Corrupt Practices Act (FCPA) by failing to operate a sufficient anti-corruption compliance program for more than a decade as the retailer experienced rapid international growth... According to the SEC’s order, Walmart failed to sufficiently investigate or mitigate certain anti-corruption risks and allowed subsidiaries in Brazil, China, India, and Mexico to employ third-party intermediaries who made payments to foreign government officials without reasonable assurances that they complied with the FCPA. The SEC’s order details several instances when Walmart planned to implement proper compliance and training only to put those plans on hold or otherwise allow deficient internal accounting controls to persist even in the face of red flags and corruption allegations."

Walmart agreed to pay more than $144 million to settle the SEC’s charges and about $138 million to resolve parallel criminal charges by the U.S. Department of Justice (DOJ), for a combined total of more than $282 million. The settlements cover activities by the retailer's foreign subsidiaries in Brazil, China, India, and Mexico.

The DOJ announcement on June 20th stated:

"According to Walmart’s admissions, from 2000 until 2011, certain Walmart personnel responsible for implementing and maintaining the company’s internal accounting controls related to anti-corruption were aware of certain failures involving these controls, including relating to potentially improper payments to government officials in certain Walmart foreign subsidiaries, but nevertheless failed to implement sufficient controls that, among other things, would have ensured: (a) that sufficient anti-corruption-related due diligence was conducted on all third-party intermediaries (TPIs) who interacted with foreign officials; (b) that sufficient anti-corruption-related internal accounting controls concerning payments to TPIs existed; (c) that proof was required that TPIs had performed services before Walmart paid them; (d) that TPIs had written contracts that included anti-corruption clauses; (e) that donations ostensibly made to foreign government agencies were not converted to personal use by foreign officials; and (f) that policies covering gifts, travel and entertainment sufficiently addressed giving things of value to foreign officials and were implemented. Even though senior Walmart personnel responsible for implementing and maintaining the company’s internal accounting controls related to anti-corruption knew of these issues, Walmart did not begin to change its internal accounting controls related to anti-corruption to comply with U.S. criminal laws until 2011... In a number of instances, insufficiencies in Walmart’s anti-corruption-related internal accounting controls in these foreign subsidiaries were reported to senior Walmart employees and executives. The internal control failures allowed the foreign subsidiaries in Mexico, India, Brazil and China to open stores faster than they would have with sufficient internal accounting controls related to anti-corruption. Consequently, Walmart earned additional profits through these subsidiaries by opening some of its stores faster..."

So, to fast-track store openings company executives allegedly made secret payments to "third-party individuals" who passed the money on to specific government officials who approve permits. CBS News reported:

"... the payments to the intermediary were recorded as payments to a construction company, even though there were numerous "red flags" to indicate that the intermediary was actually a government official... The federal agreement does not identify the intermediary, but describes her in some detail: It says she became known inside Walmart Brazil as a "sorceress" or "genie" for her "ability to acquire permits quickly by 'sort(ing) things out like magic.' " The plea agreement also includes a provision barring the Brazilian subsidiary from making public claims or issuing press releases contradicting the facts outlined under the plea agreement."

Walmart is not alone regarding FCPA violations. According to the SEC, several companies agreed to settlement agreements and payments during 2019:

• May 9, 2019: Telefônica Brasil S.A. – $4.125 million
• March 29, 2019: Fresenius Medical Care AG & Co. – $231 million to the SEC and DOJ
• March 6, 2019: Mobile TeleSystems PJSC – $850 million
• February 15, 2019: Cognizant – $25 million

Readers of this blog may remember, Fresenius paid $3.5 million last year to resolve HIPAA violations from 5 small data breaches during 2012. And, last week a whistleblower report discussed Cognizant's content moderation work as a Facebook subcontractor.

Notable companies with SEC settlement agreements and payments during 2018:

• December 26, 2018: Polycom – $16 million; Centrais Elétricas Brasileiras S.A. – $2.5 million penalty
• November 19, 2018: Vantage Drilling International – $5 million
• September, 2018: Stryker Corporation – $7.8 million penalty; Petróleo Brasileiro S.A. – $1.78 billion; United Technologies – $14 million; Sanofi – $25 million
• August 27, 2018: Legg Mason – $34 million
• July 5, 2018: Credit Suisse Group AG – $30 million to the SEC and a $47 million criminal penalty
• April, 2018: Panasonic Corporation – $143 million; The Dun & Bradstreet Corp. – $9 million in disgorgement, interest and a civil penalty

On Tuesday, Facebook announced its first financial services offering which will be available in 2020:

"... we’re sharing plans for Calibra, a newly formed Facebook subsidiary whose goal is to provide financial services that will let people access and participate in the Libra network. The first product Calibra will introduce is a digital wallet for Libra, a new global currency powered by blockchain technology. The wallet will be available in Messenger, WhatsApp and as a standalone app — and we expect to launch in 2020... Calibra will let you send Libra to almost anyone with a smartphone, as easily and instantly as you might send a text message and at low to no cost. And, in time, we hope to offer additional services for people and businesses, like paying bills with the push of a button, buying a cup of coffee with the scan of a code or riding your local public transit..."

Long before the announcement, consumers crafted interesting nicknames for the financial service, such as #FaceCoin and #Zuckbucks. Good to see people with a sense of humor.

On a more serious topic, after multiple data breaches and privacy snafus at Facebook (plus repeated promises by CEO Zuckerberg that his company will do better), many people are understandably concerned about data security and privacy. Facebook's announcement also addressed security and privacy:

"... Calibra will have strong protections... We’ll be using all the same verification and anti-fraud processes that banks and credit cards use, and we’ll have automated systems that will proactively monitor activity to detect and prevent fraudulent behavior... We’ll also take steps to protect your privacy. Aside from limited cases, Calibra will not share account information or financial data with Facebook or any third party without customer consent. This means Calibra customers’ account information and financial data will not be used to improve ad targeting on the Facebook family of products. The limited cases where this data may be shared reflect our need to keep people safe, comply with the law and provide basic functionality to the people who use Calibra. Calibra will use Facebook data to comply with the law, secure customers’ accounts, mitigate risk and prevent criminal activity."

So, the new Calibra subsidiary promised that it won't share users' account information with Facebook's core social networking service, except when it will -- to "comply with the law." The announcement encourages interested persons to sign up for email updates. This leaves Calibra customers to trust Facebook's wall separating its business units. "Provide basic functionality to the people who use Calibra" sounds like a huge loophole to justify any data sharing.

Tech and financial experts quickly weighed in on the announcement and its promises. TechCrunch explained why Facebook created a new business subsidiary. After Calibra's Tuesday announcement:

"... critics started harping about the dangers of centralizing control of tomorrow’s money in the hands of a company with a poor track record of privacy and security. Facebook anticipated this, though, and created a subsidiary called Calibra to run its crypto dealings and keep all transaction data separate from your social data. Facebook shares control of Libra with 27 other Libra Association founding members, and as many as 100 total when the token launches in the first half of 2020. Each member gets just one vote on the Libra council, so Facebook can’t hijack the token’s governance even though it invented it."

TechCrunch also explained the risks to Calibra customers:

"... that leaves one giant vector for abuse of Libra: the developer platform... Apparently Facebook has already forgotten how allowing anyone to build on the Facebook app platform and its low barriers to “innovation” are exactly what opened the door for Cambridge Analytica to hijack 87 million people’s personal data and use it for political ad targeting. But in this case, it won’t be users’ interests and birthdays that get grabbed. It could be hundreds or thousands of dollars’ worth of Libra currency that’s stolen. A shady developer could build a wallet that just cleans out a user’s account or funnels their coins to the wrong recipient, mines their purchase history for marketing data or uses them to launder money..."

During the coming months, hopefully Calibra will disclose the controls it will implement on the developer platform to prevent abuses, theft, and fraud.

Readers wanting to learn more should read the Libra White Paper, which provides more details about the companies involved:

"The Libra Association is an independent, not-for-profit membership organization headquartered in Geneva, Switzerland. The association’s purpose is to coordinate and provide a framework for governance for the network... Members of the Libra Association will consist of geographically distributed and diverse businesses, nonprofit and multilateral organizations, and academic institutions. The initial group of organizations that will work together on finalizing the association’s charter and become “Founding Members” upon its completion are, by industry:

1. Payments: Mastercard, PayPal, PayU (Naspers’ fintech arm), Stripe, Visa
2. Technology and marketplaces: Booking Holdings, eBay, Facebook/Calibra, Farfetch, Lyft, Mercado Pago, Spotify AB, Uber Technologies, Inc.
3. Telecommunications: Iliad, Vodafone Group
4. Blockchain: Anchorage, Bison Trails, Coinbase, Inc., Xapo Holdings Limited
5. Venture Capital: Andreessen Horowitz, Breakthrough Initiatives, Ribbit Capital, Thrive Capital, Union Square Ventures
6. Nonprofit and multilateral organizations, and academic institutions: Creative Destruction Lab, Kiva, Mercy Corps, Women’s World Banking"

Yes, the ride-hailing company, Uber, is involved. Yes, the same ride-hailing service which which paid $148 million to settle lawsuits and a coverup from a data breach in 2016. Yes, the same ride-hailing service with a history of data security, compliance, cultural, and privacy snafus. This suggests -- for better or worse -- that in the future consumers will be able to pay for Uber rides using the Libra Network.

Calibra hopes to have about 100 members in the Libra Association by the service launch in 2020. Clearly, there will be plenty more news to come. Below are draft screen images of the new app.

Google tracks all of your online purchases. How? ExpressVPN reported:

"Initially stumbled across by a CNBC reporter, a "Google Purchases" page keeps track of all digital receipts sent to your Gmail account from as far back as 2012. The page is not limited to purchases made directly from Google, either. From flight tickets to Amazon purchases to food delivery services, if the receipt went to your Gmail, it’s on the list. Google takes the name, date, and other specifics surrounding the purchase and records them in a list on the page."

The tracking is a reminder of the special place Internet service providers (ISPs) enjoy with access to all of users' online activities. Consumers' purchase receipts can include very sensitive information such as foods, medicine, and medical devices -- for parents and/or their children; or bookings for upcoming travel indicating when a home will be vacant; or purchases of medical marijuana, D-I-Y guns, and/or internet-connected adult toys. The bottom line: some consumers may not want their purchase data collected (nor shared with other companies by Google).

Now that you're aware of the tracking, something to consider the next time a cashier at a brick-and-mortar retail store asks: paper or email receipt? I always choose paper. You might, too.

To view your Google Purchase page, visit http://myaccount.google.com/purchases and sign in. Only you can view your purchases page.

Privacy solutions appear ugly. One option is to switch to an email provider that doesn't track you. If you decide to stay with Gmail, the only fix is a manual process which will cost you several hours or days to wade through your archive and delete emails:

"... the only way to remove a purchase from the list is to find and manually delete the email that contains the original receipt. Worse still, you can’t turn off tracking, and there’s no way to delete the list en masse. This process is incredibly tedious... Even more perplexing is that there’s no clear purpose for the collection of this data... the logic behind this reasoning is strange, the info is hiding in Google’s Account page, and it’s not exactly easy to access for users who want to “view and keep track of purchases.” And seeing as this page isn’t really being promoted to its users..."

Google said it is doing more for its customers regarding privacy. Last month, The Washington Post reported:

"... One executive after another at Google’s I/O conference in its hometown of Mountain View, California emphasized new privacy settings in products like search, maps, thermostats and updated mobile phone software. "We strongly believe that privacy and security are for everyone, not just a few," Google CEO Sundar Pichai said.

Said product manager Stephanie Cuthbertson, who introduced a new version of the Android mobile operating system: "You should always be in control of what you share and who you share it with."... Google also committed to improved privacy controls of its Nest-connected home devices, including the ability of users to delete their audio files. Some users have reported having hackers eavesdropping through their Nest devices."

Hmmm. It seems more privacy and control does not extend to Gmail users' purchase data. What are your opinions?

[Editor's note: this page was revised Monday evening to fix a typo and to include the link the Google Purchases page.]

ExpressVPN compiled its list for 2019 of the four worst mobile apps for privacy. If you value your online privacy and want to protect yourself, the security firm advises consumers to, "Delete them now." The list of apps includes both predictable items and some surprises:

"1. Angry Birds: If you were an international spying organization, which app would you target to harvest smartphone user information? If you picked Angry Birds, congratulations! You’re thinking just like the NSA and GCHQ did... what it lacks in gameplay, it certainly makes up for in leaky data... A mobile ad platform placed a code snippet in Angry Birds that allowed the company to target advertisements to users based on previously collected information. Unfortunately, the ad’s library of data was visible, meaning it was leaking user information such as phone number, call logs, location, political affiliation, sexual orientation, and marital status..."

"2. The YouVersion Bible App: The YouVersion Bible App is on more than 300 million devices around the world. It claims to be the No. 1 Bible app and comes with over 1,400 Bibles in over 1,000 languages. It also harvests data... Notable permissions the app demands are full internet access, the ability to connect and disconnect to Wi-Fi, modify stored content on the phone, track the device’s location, and read all a user’s contacts..."

Read the full list of sketchy apps at the ExpressVPN site.

Prior news reports highlighted the abuse of Apple's corporate digital certificates. Now, we learn that this abuse is more widespread than first thought. CNet reported:

"Pirates used Apple's enterprise developer certificates to put out hacked versions of some major apps... The altered versions of Spotify, Angry Birds, Pokemon Go and Minecraft make paid features available for free and remove in-app ads... The pirates appear to have figured out how to use digital certs to get around Apple's carefully policed App Store by saying the apps will be used only by their employees, when they're actually being distributed to everyone."

So, bad actors abuse technology intended for a company's employees to distribute apps directly to consumers. Software pirates, indeed.

To avoid paying for hacked apps, consumers need to shop wisely from trusted sites. A fix is underway. According to CNet:

"Apple will reportedly take steps to fight back by requiring all app makers to use its two-factor authentication protocol from the end of February, so logging into an Apple ID will require a password and code sent to a trusted Apple device."

Let's hope that fix is sufficient.

The Office of the Attorney General of the Commonwealth of Massachusetts announced two settlement agreements with Walgreens, a national pharmacy chain. Walgreens has agreed to pay about $2 million to settle multiple allegations of pricing abuses. According to the announcement:

"Under the first settlement, Walgreens will pay $774,486 to resolve allegations that it submitted claims to MassHealth in which it reported prices for certain prescription drugs at levels that were higher than what Walgreens actually charged, resulting in fraudulent overpayments."

"Under the second settlement, Walgreens will pay $1,437,366 to resolve allegations that from January 2006 through December 2017, rather than dispensing the quantity of insulin called for by a patient’s prescription, Walgreens exceeded the prescription amount and falsified information on claims submitted for reimbursement to MassHealth, including the quantity of insulin and/or days’ supply dispensed."

Both settlements arose from whistle-blower activity. MassHealth is the state's healthcare program based upon a state law passed in 2006 to provide health insurance to all Commonwealth residents. The law was amended in 2008 and 2010 to make it consistent with the federal Affordable Care Act.

Massachusetts Attorney General (AG) Maura Healey said:

"Walgreens repeatedly failed to provide MassHealth with accurate information regarding its dispensing and billing practices, resulting in overpayment to the company at taxpayers’ expense... We will continue to investigate cases of fraud and take action to protect the integrity of MassHealth."

In a separate case, Walgreen's will pay $1 million to the state of Arkansas to settle allegations of Medicaid fraud. Last month, the New York State Attorney General announced that New York State, other states, and the federal government reached:

"... an agreement in principle with Walgreens to settle allegations that Walgreens violated the False Claims Act by billing Medicaid at rates higher than its usual and customary (U&C) rates for certain prescription drugs... Walgreens will pay the states and federal government $60 million, all of which is attributable to the states’ Medicaid programs... The national federal and state civil settlement will resolve allegations relating to Walgreens’ discount drug program, known as the Prescription Savings Club (PSC). The investigation revealed that Walgreens submitted claims to the states’ Medicaid programs in which it identified U&C prices for certain prescription drugs sold through the PSC program that were higher than what Walgreens actually charged for those drugs... This is the second false claims act settlement reached with Walgreens today. On January 22, 2019, AG James announced that Walgreens is to pay New York over $6.5 million as part of a $209.2 million settlement with the federal government and other states, resolving allegations that Walgreens knowingly engaged in fraudulent conduct when it dispensed insulin pens..."

States involved in the settlement include New York, California, Illinois, Indiana, Michigan and Ohio. Kudos to all Attorneys General and their staffs for protecting patients against corporate greed.

It is easy to find examples where companies use mobile apps to collect consumers' real-time GPS location data, so they can archive and resell that information later for additional profits. First, ExpressVPN reported:

"The city of Los Angeles is suing the Weather Company, a subsidiary of IBM, for secretly mining and selling user location data with the extremely popular Weather Channel App. Stating that the app unfairly manipulates users into enabling their location settings for more accurate weather reports, the lawsuit affirms that the app collects and then sells this data to third-party companies... Citing a recent investigation by The New York Times that revealed more than 75 companies silently collecting location data (if you haven’t seen it yet, it’s worth a read), the lawsuit is basing its case on California’s Unfair Competition Law... the California Consumer Privacy Act, which is set to go into effect in 2020, would make it harder for companies to blindly profit off customer data... This lawsuit hopes to fine the Weather Company up to $2,500 for each violation of the Unfair Competition Law. With more than 200 million downloads and a reported 45+ million users..."

Long-term readers remember that a data breach in 2007 at IBM Inc. prompted this blog. It's not only internet service providers which collect consumers' location data. Advertisers, retailers, and data brokers want it, too.

Second, Burger King ran last month a national "Whopper Detour" promotion which offered customers a once-cent Whopper burger if they went near a competitor's store. News 5, the ABC News affiliate in Cleveland, reported:

"If you download the Burger King mobile app and drive to a McDonald’s store, you can get the penny burger until December 12, 2018, according to the fast-food chain. You must be within 600 feet of a McDonald's to claim your discount, and no, McDonald's will not serve you a Whopper — you'll have to order the sandwich in the Burger King app, then head to the nearest participating Burger King location to pick it up. More information about the deal can be found on the app on Apple and Android devices."

Next, the relevant portions from Burger King's privacy policy for its mobile apps (emphasis added):

"We collect information you give us when you use the Services. For example, when you visit one of our restaurants, visit one of our websites or use one of our Services, create an account with us, buy a stored-value card in-restaurant or online, participate in a survey or promotion, or take advantage of our in-restaurant Wi-Fi service, we may ask for information such as your name, e-mail address, year of birth, gender, street address, or mobile phone number so that we can provide Services to you. We may collect payment information, such as your credit card number, security code and expiration date... We also may collect information about the products you buy, including where and how frequently you buy them... we may collect information about your use of the Services. For example, we may collect: 1) Device information - such as your hardware model, IP address, other unique device identifiers, operating system version, and settings of the device you use to access the Services; 2) Usage information - such as information about the Services you use, the time and duration of your use of the Services and other information about your interaction with content offered through a Service, and any information stored in cookies and similar technologies that we have set on your device; and 3) Location information - such as your computer’s IP address, your mobile device’s GPS signal or information about nearby WiFi access points and cell towers that may be transmitted to us..."

So, for the low, low price of one hamburger, participants in this promotion gave RBI, the parent company which owns Burger King, perpetual access to their real-time location data. And, since RBI knows when, where, and how long its customers visit competitors' fast-food stores, it also knows similar details about everywhere else you go -- including school, work, doctors, hospitals, and more. Sweet deal for RBI. A poor deal for consumers.

Expect to see more corporate promotions like this, which privacy advocates call "surveillance capitalism."

Consumers' real-time location data is very valuable. Don't give it away for free. If you decide to share it, demand a fair, ongoing payment in exchange. Read privacy and terms-of-use policies before downloading mobile apps, so you don't get abused or taken. Opinions? Thoughts?